CI 2.0.3 会话 heisenbug:会话在 20 分钟后丢失,仅在服务器重定向时丢失,日志中没有任何可疑内容
我似乎无法在这方面取得任何进展。我的 CI 会话设置如下:
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 0;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = FALSE;
$config['sess_time_to_update'] = 7200;
$config['cookie_prefix'] = "";
$config['cookie_domain'] = "";
$config['cookie_path'] = "/";
$config['cookie_secure'] = FALSE;
会话库在自动加载时加载。我对 sess_update 函数进行了注释,以防止我在阅读 CI 论坛时发现的 AJAX bug。
数据库中的 ci_sessions 表具有排序规则 utf8_general_ci (有一个错误,在每次 redirect() 调用后都会丢失会话,并且它链接到事实上,默认情况下排序规则是 latin1_swedish_ci)。
在我的管理部分的用户尝试添加长文章并单击“保存”按钮后,它总是会中断。保存操作如下所示:
function save($id = 0){
if($this->my_model->save_article($id)){
$this->session->set_flashdata('message', 'success!');
redirect('admin/article_listing');
}else{
$this->session->set_flashdata('message', 'errors encountered');
redirect('admin/article_add');
}
}
如果您花费超过 20 分钟并单击“保存”,则会添加文章,但在重定向时用户将被注销。
我还启用了日志记录,有时当发生错误时我收到消息 会话 cookie 数据与预期不匹配。这可能是一次黑客尝试。 但只有一半的情况。另一半我什么也没得到:显示了我放置在 Session 构造函数末尾的一条消息,没有其他任何内容。在所有情况下,如果我查看浏览器中存储的 cookie,出现错误后,cookie 的第一部分与哈希值不匹配。
另外,虽然我知道 Codeigniter 不使用本机会话,但我已将 session.gc_maxlifetime 设置为 86400。
另一件事要提的是,我无法在我的计算机上重现该错误,但在所有计算机上都重现该错误。我测试过的其他计算机也出现了与上述相同的模式。
如果您对下一步该做什么有任何想法,我将不胜感激。更改为新版本或使用本机会话类(旧版本用于 CI 1.7,它仍然有效吗?)也是我愿意考虑的选项。
编辑:我在 CI 2.0.3 中的 Session 类和最新的 CI Session 类之间进行了比较,它们是相同的。
I can't seem to make any progress with this one. My CI session settings are these:
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 0;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = FALSE;
$config['sess_time_to_update'] = 7200;
$config['cookie_prefix'] = "";
$config['cookie_domain'] = "";
$config['cookie_path'] = "/";
$config['cookie_secure'] = FALSE;
The session library is loaded on autoload. I've commented the sess_update function to prevent an AJAX bug that I've found about reading the CI forum.
The ci_sessions table in the database has collation utf8_general_ci (there was a bug that lost the session after every redirect() call and it was linked to the fact that the collation was latin1_swedish_ci by default).
It always breaks after a user of my admin section tries to add a long article and clicks the save button. The save action looks like this:
function save($id = 0){
if($this->my_model->save_article($id)){
$this->session->set_flashdata('message', 'success!');
redirect('admin/article_listing');
}else{
$this->session->set_flashdata('message', 'errors encountered');
redirect('admin/article_add');
}
}
If you spend more than 20minutes and click save, the article will be added but on redirect the user will be logged out.
I've also enabled logging and sometimes when the error occurs i get the message The session cookie data did not match what was expected. This could be a possible hacking attempt. but only half of the time. The other half I get nothing: a message that I've placed at the end of the Session constructor is displayed and nothing else. In all the cases if I look at the cookie stored in my browser, after the error the cookie's first part doesn't match the hash.
Also, although I know Codeigniter doesn't use native sessions, I've set session.gc_maxlifetime to 86400.
Another thing to mention is that I'm unable to reproduce the error on my computer but on all the other computers I've tested this bug appears by the same pattern as mentioned above.
If you have any ideas on what to do next, I'd greatly appreciate them. Changing to a new version or using a native session class (the old one was for CI 1.7, will it still work?) are also options I'm willing to consider.
Edit : I've run a diff between the Session class in CI 2.0.3 and the latest CI Session class and they're the same.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我是这样解决的:标准规定浏览器不应允许在 POST 请求后进行重定向。 CI 的
redirect()方法默认发送 302 重定向。合乎逻辑的方法是发送 307 重定向,这解决了我的问题,但需要注意的是显示有关重定向的确认对话框。其他选项是 301(意味着永久移动)重定向,或者我选择的解决方案,javascript 重定向。Here's how I solved it: the standards say that a browser shouldn't allow redirects after a POST request. CI's
redirect()method is sending a 302 redirect by default. The logical way would be to send a 307 redirect, which solved my problem but has the caveat of showing a confirm dialog about the redirect. Other options are a 301 (meaning moved permanently) redirect or, the solution I've chosen, a javascript redirect.